pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/ruby24-base lang/ruby24-base: Add security patch ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/0e6d3bb00ceb
branches: trunk
changeset: 393053:0e6d3bb00ceb
user: taca <taca%pkgsrc.org@localhost>
date: Tue Mar 12 04:23:45 2019 +0000
description:
lang/ruby24-base: Add security patch for rubygems
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
Since original patch included in official announce dose not cleanly applied to
Ruby 2.4.5, use a local version which drop patch to none existing test.
Bump PKGREVISION.
diffstat:
lang/ruby24-base/Makefile | 6 +++++-
lang/ruby24-base/distinfo | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diffs (33 lines):
diff -r 80b191dd3b60 -r 0e6d3bb00ceb lang/ruby24-base/Makefile
--- a/lang/ruby24-base/Makefile Tue Mar 12 04:22:55 2019 +0000
+++ b/lang/ruby24-base/Makefile Tue Mar 12 04:23:45 2019 +0000
@@ -1,10 +1,14 @@
-# $NetBSD: Makefile,v 1.9 2018/07/17 10:56:24 jperkin Exp $
+# $NetBSD: Makefile,v 1.10 2019/03/12 04:23:45 taca Exp $
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION}
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
+# announced patch is failed to apply, so use local version.
+PATCHFILES= ruby-2.4.5-rubygems.patch-20190311
+PATCH_SITES= ${MASTER_SITE_LOCAL}
+
MAINTAINER= taca%NetBSD.org@localhost
HOMEPAGE= ${RUBY_HOMEPAGE}
COMMENT= Ruby ${RUBY_VERSION} release minimum base package
diff -r 80b191dd3b60 -r 0e6d3bb00ceb lang/ruby24-base/distinfo
--- a/lang/ruby24-base/distinfo Tue Mar 12 04:22:55 2019 +0000
+++ b/lang/ruby24-base/distinfo Tue Mar 12 04:23:45 2019 +0000
@@ -1,5 +1,9 @@
-$NetBSD: distinfo,v 1.11 2019/01/03 05:19:03 taca Exp $
+$NetBSD: distinfo,v 1.12 2019/03/12 04:23:45 taca Exp $
+SHA1 (ruby-2.4.5-rubygems.patch-20190311) = 3205fcafc9ff8b76b1f0ae31a87c3847bc93e69d
+RMD160 (ruby-2.4.5-rubygems.patch-20190311) = 9748f8de0d57930522fd9d423d08fa938a7467f7
+SHA512 (ruby-2.4.5-rubygems.patch-20190311) = 4273fe6fbf9a27720a243453723ddb7d6e7268b7f4d6a0d65af72a06d712fa18552bafca676e4aae92dc057e86a0c1628e056d0475fa20e0f5b57364b8408c67
+Size (ruby-2.4.5-rubygems.patch-20190311) = 12191 bytes
SHA1 (ruby-2.4.5.tar.xz) = b5be590b37487248da3a85541a62fb81f7f7e29a
RMD160 (ruby-2.4.5.tar.xz) = b0704071c12223b416ca5bd52a52671376d8ad5c
SHA512 (ruby-2.4.5.tar.xz) = 658f676c623109f4c7499615e191c98c3dd72cfcaeeaf121337d0b8a33c5243145edd50ec5e2775f988e3cd19788984f105fa165e3049779066566f67172c1b4
Home |
Main Index |
Thread Index |
Old Index